Secure IoT 2017

The Internet of Things (IoT) introduces new attack surfaces and vectors that can be exploited by hackers. To help people gain an understanding of these new cyber-security threats and risks to their organisation and security best practice, 2 Insight organised an IoT Security event on 17th October 2017 at the Green Park Conference in Reading.

IoT Security is a real concern for end users and organisations due to the ever-increasing number of attacks by hackers on consumer products, medical devices, vehicles, SCADA, Industrial Control, Building Management Systems, IT and OT Systems and networks of: retailers, public sector organisations, utilities, rail, transport, energy sector, production, manufacturing, plant, process and control companies e.g.:

2014 – A hack attack caused massive damage at a German Steel plant

2015 – A cyber-attack on Ukrainian electricity distribution companies caused a major power outage, with disruption to over 50 substations. Fiat Chrysler had to recall 1.4 million cars in US after security researchers showed that one of its cars could be hacked

2016 – Hackers infiltrated a water utility’s control system and changed the levels of chemicals being used to treat tap water. A massive Internet Distributed Denial of Service attack which caused outages for many Web sites (including Twitter, Amazon, Spotify and Netflix) was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV digital video recorders.

2017 – NHS hit by massive ransomware attack. Research Trend Micro revealed 83,000 industrial robots are ‘exposed’ to the public-facing internet, of which thousands are not protected with authentication. A Freedom of Information request reveals a third of national critical infrastructure organisations have not met basic cybersecurity standards issued by the UK government. US Food & Drug Administration issued a letter calling for the voluntary recall of some 465,000 Abbott (formerly St. Jude Medical) pacemakers to reduce the risk of patient harm due to potential exploitation of cybersecurity vulnerabilities.